CVE-2009-1606

Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
dafolodafolocontrol
1.108.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35017
http://www.securityfocus.com/bid/34900
https://exchange.xforce.ibmcloud.com/vulnerabilities/50420
https://exchange.xforce.ibmcloud.com/vulnerabilities/50421
https://exchange.xforce.ibmcloud.com/vulnerabilities/50422
https://exchange.xforce.ibmcloud.com/vulnerabilities/50423
http://secunia.com/advisories/35017
http://www.securityfocus.com/bid/34900
https://exchange.xforce.ibmcloud.com/vulnerabilities/50420
https://exchange.xforce.ibmcloud.com/vulnerabilities/50421
https://exchange.xforce.ibmcloud.com/vulnerabilities/50422
https://exchange.xforce.ibmcloud.com/vulnerabilities/50423